[ISN] Security UPDATE -- Strengthen Browser Security with
Third-Party Solutions--October 6, 2004
isn at c4i.org
Thu Oct 7 05:49:21 EDT 2004
==== This Issue Sponsored By ====
Download *Free eBook* on Active Directory Security
Get thawte's New Step-by-Step SSL Guide for MSIIS
1. In Focus: Strengthen Browser Security with Third-Party Solutions
2. Security News and Features
- Recent Security Vulnerabilities
- JPEG GDI+ Trojan Unleashed
- More JPEG GDI+ Exploits
- Welcome to the "You've Been Hacked" Blog
3. Security Matters Blog
- Trojans with a Twist
4. Instant Poll
5. Security Toolkit
- Security Forum Featured Thread
6. New and Improved
- Spam Solution Adds User Quarantine Features
==== Sponsor: ScriptLogic ====
Download the FREE eBook on Active Directory Security today and gain
valuable guidance and real-world examples for creating the most
secure Active Directory solutions. Published by ScriptLogic
Corporation, all 4 chapters are now available individually or as one
complete PDF. Download "The Administrator Shortcut Guide to Active
Directory Security" today.
==== 1. In Focus: Strengthen Browser Security with Third-Party Solutions
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
If you subscribe to our WinInfo email newsletter, then you've probably
read stories by Paul Thurrott that discuss how Microsoft will handle
improvements to Internet Explorer (IE) in the future. If you don't
subscribe to the newsletter and want to, then visit the home page below,
where you'll find a link to the subscription form.
As you know, it's been quite some time since Microsoft released a new
version of the browser. Meanwhile, other browsers, such as Opera
Software's Opera and Mozilla Firefox, have added considerable new
features and functionality. But Microsoft has decided that it will
introduce future IE improvements via service packs--it won't offer newer
versions of the Web browser as standalone software because the company
considers IE an integral part of the OS.
The recent Windows XP Service Pack 2 (SP2) offers improvements to the
underlying security of the OS and various components, including IE.
Microsoft isn't planning to offer similar improvements to Windows 2000
and earlier OSs.
Many of you can't upgrade to XP yet for a variety of reasons, but in the
meantime, you still want to improve overall system security. You can
gain some of XP SP2's improvements by using third-party products. In at
least one case--Windows Firewall--third-party products are typically
superior. Because Windows Firewall allows all outbound connections
without any means to control them, it's probably a wise idea to use a
third-party firewall on systems on which you require precise control
over network traffic.
To improve the IE security on Windows 2000 and previous OSs, three
options immediately come to mind, although there are probably others.
One option lets you keep using IE as your primary browser; the other two
options recommend that you use another browser as your primary browser
and use IE only when you have to for whatever reason. I describe the
options below in no particular order.
One option is to add PivX's Qwik-Fix Pro to your systems to help you
modify IE zones to lock down the browser and prevent malware from
exploiting the system. Another option is to purchase a browser such as
Winferno Software's Secure IE 2004, which is an IE replacement that
offers better security than IE versions prior to XP SP2's. The third
option is to use a free third-party browser such as Mozilla Firefox or
Opera Software's Opera, both of which offer functionality similar to
that found in IE under XP SP2.
Qwik-Fix Pro and Secure IE 2004 cost money, which of course is
reasonable to expect. Opera is available for free if you're willing to
view banner advertising while you use it; if you buy it, you can use it
ad-free. Firefox is open source and as such is available for free and
without banner advertising.
==== Sponsor: thawte ====
In need of a SSL Certificate for your Microsoft Internet Information
Services (MS IIS) web server? This guide will provide a solution for
your need by demonstrating how to test, purchase, install and use a
digital certificate on your MSIIS web server. Best practices are
highlighted throughout this guide to help you ensure efficient
ongoing management of your encryption keys and digital certificates.
You will also discover how a particular digital certificate can
benefit your business by addressing unique online security issues to
build customer confidence.
==== 2. Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
JPEG GDI+ Trojan Unleashed
It was only a matter of time before someone unleashed malware that
exploits the JPEG GDI+ vulnerability. Over the last two weeks,
various people have released proof-of-concept code. Now someone has
unleashed a JPEG file that causes a buffer overrun and runs shell
code on the affected system.
More JPEG GDI+ Exploits
As could probably be expected, intruders have begun using AOL Instant
Messenger (AIM) and other methods to exploit unsuspecting users who
have the JPEG GDI+ vulnerability. At least two new Trojan Horse
programs have been unleashed.
Welcome to the "You've Been Hacked" Blog
We've added a second security blog, "You've Been Hacked," hosted by
Brett Hill. Over the next few months, Hill will host a frank
discussion of security issues related to Microsoft OSs, services, and
products. As the blog title suggests, the blog will focus on what to
do if you think you've been hacked. We want to hear from you about
your experiences, questions, and concerns.
==== Announcements ====
(from Windows IT Pro and its partners)
Want the "69 Top SQL Server Tips?"
Order SQL Server Magazine today and get 30% off the cover price and
receive free, subscriber-only access to the entire SQL Server article
archive--filled with thousands of exclusive articles, insider notes,
and savvy instructions. Bonus--subscribe now and get the "69 Top SQL
Server Tips" guide free! This is a limited-time offer, so order now.
Get the Charter Issue of Windows IT Pro!
Windows & .NET Magazine is now Windows IT Pro! Act now to get our
special charter issue rate of just $39.95--that's 52% off the cover
price! The September issue shows you how to plug DNS holes and select
the best scripting editor, plus learn more about the business side of
IT. And discover the top 10 PC trends we think you need to keep an
eye on. This is a limited-time offer, so order today!
==== 3. Security Matters Blog ====
by Mark Joseph Edwards, http://list.windowsitpro.com/cgi-bin3/DM/y/ehkw0MfYqv0Kma0BL3Z0Ae
Check out this recent entry in the Security Matters blog:
Trojans with a Twist
Trojan horse programs are a bad enough problem because they can allow
remote access to a user's computer. One would think that having a
firewall in place would prevent a Trojan from opening back doors in
case of infection. But Windows Firewall won't prevent the
Win32.Surila.K Trojan from opening a back door on your system.
==== 4. Instant Poll ====
Results of Previous Poll:
Have you experienced difficulty determining which of your systems need
the latest Microsoft security patches (MS04-027 and MS04-028)?
The voting has closed in this Windows IT Pro Security Hot Topic
nonscientific Instant Poll. Here are the results from the 20 votes.
- 65% Yes
- 20% No
- 15% I'm not sure
(Deviations from 100 percent are due to rounding.)
New Instant Poll:
Have you been affected by a recent JPEG GDI+ exploit?
Go to the Security Hot Topic and submit your vote for
- No, we've patched our systems
- No, we've patched our systems and removed vulnerable JPEG images
- I'm not certain
==== 5. Security Toolkit ====
by John Savill, http://list.windowsitpro.com/cgi-bin3/DM/y/ehkw0MfYqv0Kma0BL3a0Al
Q: Has Microsoft updated any of the Windows Support Tools in Windows XP
Service Pack 2 (SP2)?
Find the answer at
Security Forum Featured Thread: Disabling .vbs Files in an OU
A forum participant is looking for a way to use a policy to disable
the use of some .vbs files in an Active Directory (AD) organizational
unit (OU) while allowing the use of some .vbs files that he approves
of. His understanding is that he can implement only an "all or
nothing" policy and wonders whether anyone knows a way around this
limitation. Join the discussion at
==== Events Central ====
(A complete Web and live events directory brought to you by Windows
IT Pro at http://list.windowsitpro.com/cgi-bin3/DM/y/ehkw0MfYqv0Kma0BK3L0AP )
Get Your Fax Servers Up and Running Smarter, Faster, and More
In this free Web seminar, you'll learn the latest trends and
developments in the fax market, as well as learn best practices for
seamless integration with Microsoft Exchange Server and Outlook with
real-time fax technologies. Find out integration faxing architecture
and multifunction device tactics, deployment techniques, and more.
==== 6. New and Improved ====
by Renee Munshi, mailto:products at windowsitpro.com
Spam Solution Adds User Quarantine Features
Trend Micro announced new End User Quarantine (EUQ) features for
Trend Micro Spam Prevention Solution (SPS) to reduce Help-desk
burdens, to help corporate users manage their own "approved senders"
lists, and to improve accuracy and effectiveness. EUQ, a free add-on,
quarantines suspicious "graymail" messages (i.e., messages not
clearly identifiable as spam) into Microsoft Exchange Server folders
for each user. Thus, SPS users have instant access to potentially
important messages and can individually approve any problematic
senders. EUQ improves SPS's reporting and management capabilities and
decreases the number of false positives while increasing the spam
Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you
time or easing your daily burden? Tell us about the product, and
we'll send you a T-shirt if we write about the product in a future
Windows IT Pro What's Hot column. Send your product suggestions with
information about how the product has helped you to
mailto:whatshot at windowsitpro.com.
Editor's note: Share Your Security Discoveries and Get $100
Share your security-related discoveries, comments, or problems and
solutions in the Security Administrator print newsletter's Reader to
Reader column. Email your contributions (500 words or less) to
mailto:r2rsecadmin at windowsitpro.com. If we print your submission, you'll
get $100. We edit submissions for style, grammar, and length.
==== Contact Us ====
About the newsletter -- mailto:letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/cgi-bin3/DM/y/ehkw0MfYqv0Kma0BKxi0A2
About product news -- mailto:products at windowsitpro.com
About your subscription -- mailto:securityupdate at windowsitpro.com
About sponsoring Security UPDATE -- mailto:emedia_opps at windowsitpro.com
This email newsletter is brought to you by Windows IT Pro,
the leading publication for IT professionals deploying Windows and
related technologies. Subscribe today.
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2004, Penton Media, Inc. All rights reserved.
More information about the ISN